
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability in the Linux kernel's BTRFS filesystem has been identified as CVE-2024-42103. The issue is a race in which a block group can be added to the reclaim list and to the unused list in parallel during reclaim operations. This vulnerability was discovered in June 2024 and affects the BTRFS filesystem component of the Linux kernel (Kernel Git).
The vulnerability occurs because a block group is removed from the reclaim list while relocation work is processing it, which allows it to be added to the unused list in parallel. Adding it back to the reclaim list afterwards can then corrupt the list. The issue manifests as a kernel BUG at lib/list_debug.c:65 with an invalid opcode error, triggering a kernel panic (Kernel Git).
When exploited, this vulnerability can cause a kernel panic, leading to system crashes and denial of service. The issue is particularly problematic when relocation operations cannot find more chunk space and end with ENOSPC errors (Kernel Git).
The issue has been fixed by implementing proper locking using fs_info->unused_bgs_lock to prevent parallel list operations. The fix ensures that the block group's list status is checked under the lock before adding it to the retry list (Kernel Git).
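The check-under-lock pattern described above, as an added userspace model (not the kernel patch and not code from this page). The pthread mutex stands in for the kernel spinlock, and struct block_group, mark_unused, requeue_after_failed_reclaim and demo are hypothetical names chosen for illustration.

```c
#include <pthread.h>
#include <stdbool.h>
/* Minimal circular list node, modelled on the kernel's struct list_head. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *head) {
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
}

/* Hypothetical stand-in for a block group: one link node shared by all lists. */
struct block_group { struct list_head bg_list; };

static pthread_mutex_t unused_bgs_lock = PTHREAD_MUTEX_INITIALIZER;
static struct list_head unused_bgs, retry_list;

/* Concurrent path: another context puts the block group on the unused list. */
static void mark_unused(struct block_group *bg) {
    pthread_mutex_lock(&unused_bgs_lock);
    if (list_empty(&bg->bg_list))
        list_add_tail(&bg->bg_list, &unused_bgs);
    pthread_mutex_unlock(&unused_bgs_lock);
}

/* Failed-reclaim path: requeue only if the node is on no list, checked under the lock. */
static bool requeue_after_failed_reclaim(struct block_group *bg) {
    bool queued = false;
    pthread_mutex_lock(&unused_bgs_lock);
    if (list_empty(&bg->bg_list)) {   /* linking an already-linked node corrupts both lists */
        list_add_tail(&bg->bg_list, &retry_list);
        queued = true;
    }
    pthread_mutex_unlock(&unused_bgs_lock);
    return queued;
}

/* Constructed scenario: a stays unlinked, b lands on the unused list during reclaim. */
static int demo(void) {
    static struct block_group a, b;
    list_init(&unused_bgs); list_init(&retry_list);
    list_init(&a.bg_list); list_init(&b.bg_list);
    mark_unused(&b);
    bool qa = requeue_after_failed_reclaim(&a);
    bool qb = requeue_after_failed_reclaim(&b);
    return (qa ? 1 : 0) | (qb ? 2 : 0);   /* bit 0: a requeued, bit 1: b requeued */
}

int main(void) { return demo() == 1 ? 0 : 1; }
```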
Source: This report was generated using AI